<?php
if (isset($_POST["PHPSESSID"])) {
	session_id($_POST["PHPSESSID"]);
}
include_once('../init.php');
$lg['userid'] = numFilter($_SESSION['userid']);
$lg['groupid'] = numFilter($_SESSION['groupid']);

if(!isLogin()){
	exit("alert('请先登陆');");
}
if(getPopedom(14)==0){
	exit('<div style="font-size:14px; padding:10px; text-align:center;">您所在的用户组没有权限上传附件。</div>');
}

$updir="../../uploadfile/attachment/";//上传目录
$renamed="1";//是否重命名1表示重命名0表示用原来的文件名
$overwrite="1";//是否覆盖1表示覆盖0表示不覆盖
if (isset($_FILES["Filedata"]) && is_uploaded_file($_FILES["Filedata"]["tmp_name"]) && $_FILES["Filedata"]["error"] == 0) {
	$userrow = $db->row_select_one("users","id={$lg['userid']}");
	if(empty($userrow)){
		exit("Uses Not Exist;");
	}
	//上传文件赋值给$upload_file
	$upload_file=$_FILES["Filedata"];
	//获取文件类型
	$file_info=pathinfo($upload_file["name"]);
	
	//获取文件大小
	$file_size = intval($_FILES["Filedata"]["size"]);
	$file_size_max = intval(getPopedom(15)*1024);

	if( $file_size > $file_size_max ){
		die("文件({$file_size})太大,超过({$file_size_max})");
	}

	//获取文件类型
	$file_type = $_FILES["Filedata"]["type"];

	//获取文件扩展名
	$file_ext=strtolower($file_info["extension"]);
	$file_ext=addslashes(str_replace(array("'","/","\/","\"","."),array('','','','',''),$file_ext));
	$file_ext_allow= strtolower(getPopedom(17));
	if($file_ext_allow!="*" && !stristr(",{$file_ext_allow}," , ",{$file_ext},")){
		die("文件({$file_ext})不在允许类型中({$file_ext_allow})");
	}

	
	$today_uploaded = intval($userrow['todayuploaded']);
	$today_upload_max = intval(getPopedom(16));
	if($today_uploaded>=$today_upload_max){
		die("超过上传个数了。{$today_uploaded}---{$today_upload_max}");
	}

	//设置上传的路径
	switch($cache_settings['attachmentsave']){
		case "all":
			$upload_path=$updir;
			break;
		case "month":
			$upload_path=$updir.date(Y).date(m)."/";
			break;
		case "day":
			$upload_path=$updir.date(Y).date(m).date(d)."/";
			break;
		case "ext":
			$upload_path=$updir.$file_ext."/";
			break;
		default:
			$upload_path=$updir.date(Y).date(m)."/";
			break;
	}

	//建立文件夹
	create($upload_path);
	//需要重命名的
	$file_ext=in_array($file_ext,array('jpg','gif','jpeg','png'))?$file_ext:"6kfile";
	if($renamed){
		$upload_file['name']=$lg['userid'].'_'.time().'_'.mt_rand(1000,9999).'.'.$file_ext;
	}
	//设置默认服务端文件名
	$upload_file['filename']=$upload_path.$upload_file['name'];
	//检查文件是否存在
	if(file_exists($upload_file['filename'])){
		if($overwrite){
			@unlink($upload_file['filename']);
		}else{
			$j=0;
			do{
				$j++;
				$temp_file=str_replace('.'.$file_ext,'('.$j.').'.$file_ext,$upload_file['filename']);
			}while (file_exists($temp_file));
			$upload_file['filename']=$temp_file;
			unset($temp_file);
			unset($j);
		}
	}
	if(@move_uploaded_file($upload_file["tmp_name"],$upload_file["filename"])){
		$imginfo = @getimagesize($upload_file["filename"]);
		if(!empty($imginfo)){
			$attach['imgwidth'] = $imginfo[0];
			$attach['type'] = 1;
		}
		$attach['filename'] =$file_info['basename'];
		$attach['filename']=addslashes(str_replace(array("'","/","\/","\""),array('','','',''),$attach['filename']));
		$attach['filesize'] =$file_size;
		$attach['filetype'] =$file_type;
		$attach['filepath'] =str_replace($updir,'',$upload_file['filename']);
		$attach['uploadtime'] =time();
		$attach['userid'] = $lg['userid'];
		$attach['username'] = $userrow['username'];
		$db->row_insert("attachments",$attach);

		$res['fileid'] = $db->insert_id();
		$res['md5'] = md5($attach['filepath'].$attach['uploadtime']);
		$res['filename'] = $upload_file["filename"];
		$res['filepath'] = $attach['filepath'];

		$upuser['todayuploaded']="todayuploaded+1";
		$upuser['NOQUOTE_todayuploaded']=true;
		$db->row_update("users", $upuser, "id={$lg['userid']}");
		echo("{\"fileid\":\"{$res['fileid']}\", \"md5\":\"{$res['md5']}\", \"filename\":\"{$res['filename']}\", \"filepath\":\"{$res['filepath']}\" }");
	}else{
		echo ' ';
	}
} else {
	echo ''; // I have to return something or SWFUpload won't fire uploadSuccess
}
//建立文件夹
function create($dir)
{
	if (!is_dir($dir))
	{
		$temp = explode('/',$dir);
		$cur_dir = '';
		for($i=0;$i<count($temp);$i++)
		{
			$cur_dir .= $temp[$i].'/';
			if (!is_dir($cur_dir))
			{
				@mkdir($cur_dir,0777);
				@fopen("$cur_dir/index.htm","a");
			}
		}
	}
}
	
?>